Hi, I would like to configure my susefirewall to use only the ports 80, 25, 21. How i can do this ? Thanks for your help ! _________________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com
* Frédéric Poulet;
Hi,
I would like to configure my susefirewall to use only the ports 80, 25, 21. How i can do this ?
To let in or to let out to let in FW_SERVICES_TCP_EXT="21 25 80" to let out only 21 and 80 FW_MASQ_NETS="10.0.1.0/24,0/0,tcp,21 10.0.1.0/24,0/0,tcp,80 " nevertheless you can read more in teh unofficial SUSEfirewall2 http://sf.net/projects/susfaq HTH -- Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC. Nisi defectum, haud refiecendum
* Togan Muftuoglu;
nevertheless you can read more in the unofficial SUSEfirewall2 http://sf.net/projects/susefaq ps. maybe I should stop cheewing gum and riding a bike -- Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC. Nisi defectum, haud refiecendum
my network is :
INTERNET
|
|
FIREWALL ----- WEB SERVER (ftp server)
|
|
INTERNAL NETWORK (192.168.1.x)
i modify FW_MASQ_NETS to write :
FW_MASQ_NETS="192.168.1.0/24,0/0,tcp,21 192.168.1.0/24,0/0,tcp,53 192.168.1.0/24,0/0,udp,53
192.168.5.0/24"
and since my ftp server doesn't work !
Have you an idea ?
--- Togan Muftuoglu
nevertheless you can read more in the unofficial SUSEfirewall2 http://sf.net/projects/susefaq
ps. maybe I should stop cheewing gum and riding a bike
--
Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC.
Nisi defectum, haud refiecendum
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
_________________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com
Hi,
Sorry but it's doesn't work, when i write :
FW_MASQ_NETS="10.0.1.0/24,0/0,tcp,21 10.0.1.0/24,0/0,tcp,80"
FW_SERVICES_TCP_EXT="80"
my client machines don't find site, problem of dns ?
--- Togan Muftuoglu
Hi,
I would like to configure my susefirewall to use only the ports 80, 25, 21. How i can do this ?
To let in or to let out
to let in
FW_SERVICES_TCP_EXT="21 25 80"
to let out only 21 and 80
FW_MASQ_NETS="10.0.1.0/24,0/0,tcp,21 10.0.1.0/24,0/0,tcp,80 "
nevertheless you can read more in teh unofficial SUSEfirewall2 http://sf.net/projects/susfaq
HTH --
Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC.
Nisi defectum, haud refiecendum
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
_________________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com
if i do ping www.yahoo.fr from a client machine, i have no reponse !
--- Frédéric Poulet
Sorry but it's doesn't work, when i write :
FW_MASQ_NETS="10.0.1.0/24,0/0,tcp,21 10.0.1.0/24,0/0,tcp,80" FW_SERVICES_TCP_EXT="80"
my client machines don't find site, problem of dns ?
--- Togan Muftuoglu
a écrit : > * Frédéric Poulet; on 26 Jan, 2004 wrote: Hi,
I would like to configure my susefirewall to use only the ports 80, 25, 21. How i can do this ?
To let in or to let out
to let in
FW_SERVICES_TCP_EXT="21 25 80"
to let out only 21 and 80
FW_MASQ_NETS="10.0.1.0/24,0/0,tcp,21 10.0.1.0/24,0/0,tcp,80 "
nevertheless you can read more in teh unofficial SUSEfirewall2 http://sf.net/projects/susfaq
HTH --
Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC.
Nisi defectum, haud refiecendum
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
_________________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
_________________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com
if i do ping www.yahoo.fr from a client machine, i have no response !
--- Frédéric Poulet
Sorry but it's doesn't work, when i write :
FW_MASQ_NETS="10.0.1.0/24,0/0,tcp,21 10.0.1.0/24,0/0,tcp,80" FW_SERVICES_TCP_EXT="80"
my client machines don't find site, problem of dns ?
--- Togan Muftuoglu
a écrit : > * Frédéric Poulet; on 26 Jan, 2004 wrote: Hi,
I would like to configure my susefirewall to use only the ports 80, 25, 21. How i can do this ?
To let in or to let out
to let in
FW_SERVICES_TCP_EXT="21 25 80"
to let out only 21 and 80
FW_MASQ_NETS="10.0.1.0/24,0/0,tcp,21 10.0.1.0/24,0/0,tcp,80 "
nevertheless you can read more in teh unofficial SUSEfirewall2 http://sf.net/projects/susfaq
HTH --
Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC.
Nisi defectum, haud refiecendum
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
_________________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
_________________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com
Hi,
Sorry but it's doesn't work, when i write :
FW_MASQ_NETS="10.0.1.0/24,0/0,tcp,80"
FW_SERVICES_TCP_EXT="80"
my client machines don't find site, problem of dns ?
--- Togan Muftuoglu
Hi,
I would like to configure my susefirewall to use only the ports 80, 25, 21. How i can do this ?
To let in or to let out
to let in
FW_SERVICES_TCP_EXT="21 25 80"
to let out only 21 and 80
FW_MASQ_NETS="10.0.1.0/24,0/0,tcp,21 10.0.1.0/24,0/0,tcp,80 "
nevertheless you can read more in teh unofficial SUSEfirewall2 http://sf.net/projects/susfaq
HTH --
Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC.
Nisi defectum, haud refiecendum
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
_________________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com
* Frédéric Poulet;
Hi,
Sorry but it's doesn't work, when i write :
FW_MASQ_NETS="10.0.1.0/24,0/0,tcp,80" FW_SERVICES_TCP_EXT="80"
my client machines don't find site, problem of dns ?
what is your network addresing scheme for your LAN -- Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC. Nisi defectum, haud refiecendum
My LAN is :
INTERNET
|
|
|
FIREWALL----------
192.168.1.1
|
|
|
INTERNAL NETWORK (192.168.1.x)
so i wrote
FW_MASQ_NETS="192.168.1.0/24,0/0,tcp,80"
FW_SERVICES_TCP_EXT="80"
--- Togan Muftuoglu
Hi,
Sorry but it's doesn't work, when i write :
FW_MASQ_NETS="10.0.1.0/24,0/0,tcp,80" FW_SERVICES_TCP_EXT="80"
my client machines don't find site, problem of dns ?
what is your network addresing scheme for your LAN
--
Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC.
Nisi defectum, haud refiecendum
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
_________________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com
Hi, I would like to stop the connexion from hotmail messager with susefirewall2, how can i do it ? Yahoo! Mail: votre e-mail personnel et gratuit qui vous suit partout ! Créez votre adresse à http://mail.yahoo.fr
there is no problem, because the messenger use the port 80
Regards.
---
Once upon a time on Thu, 29 Jan 2004 15:31:57 +0100 (CET),
Hi,
I would like to stop the connexion from hotmail messager with susefirewall2, how can i do it ?
-- Christian Reichel Desenvolvimento --
ok, but i don't want to block the port 80 (http)
--- Fulano
Regards.
--- Once upon a time on Thu, 29 Jan 2004 15:31:57 +0100 (CET),
wrote: Hi,
I would like to stop the connexion from hotmail messager with susefirewall2, how can i do it ?
-- Christian Reichel Desenvolvimento
--
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Yahoo! Mail: votre e-mail personnel et gratuit qui vous suit partout ! Créez votre adresse à http://mail.yahoo.fr
So you can use the squid to block the url of messenger..
I thing thats is something like
loginnet.passport.msn.com
You can set the squid, and look ate the logs.
good luck
Best regards.
---
Once upon a time on Thu, 29 Jan 2004 16:11:09 +0100 (CET),
ok, but i don't want to block the port 80 (http)
--- Fulano
a écrit : > there is no problem, because the messenger use the port 80 Regards.
--- Once upon a time on Thu, 29 Jan 2004 15:31:57 +0100 (CET),
wrote: Hi,
I would like to stop the connexion from hotmail messager with susefirewall2, how can i do it ?
-- Christian Reichel Desenvolvimento
--
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Yahoo! Mail: votre e-mail personnel et gratuit qui vous suit partout !
Créez votre adresse __ http://mail.yahoo.fr
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
--- -- Christian Reichel Desenvolvimento Aberium Systems Ltda. Centro Empresarial S_o Paulo Rua Maria Coelho Aguiar, 215 - Bloco G - Piso Jardim S_o Paulo - SP - Brasil Tel: 58532264 christian.reichel@aberium.com http://www.aberium.com --
But with susefirewall i can't do that ?
--- Fulano
I thing thats is something like
loginnet.passport.msn.com
You can set the squid, and look ate the logs.
good luck
Best regards.
--- Once upon a time on Thu, 29 Jan 2004 16:11:09 +0100 (CET),
wrote: ok, but i don't want to block the port 80 (http)
--- Fulano
a écrit : > there is no problem, because the messenger use the port 80 Regards.
--- Once upon a time on Thu, 29 Jan 2004 15:31:57 +0100 (CET),
wrote: Hi,
I would like to stop the connexion from hotmail messager with susefirewall2, how can i do it ?
-- Christian Reichel Desenvolvimento
--
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Yahoo! Mail: votre e-mail personnel et gratuit qui vous suit partout !
Créez votre adresse __ http://mail.yahoo.fr
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
---
-- Christian Reichel Desenvolvimento Aberium Systems Ltda. Centro Empresarial S_o Paulo Rua Maria Coelho Aguiar, 215 - Bloco G - Piso Jardim S_o Paulo - SP - Brasil Tel: 58532264 christian.reichel@aberium.com http://www.aberium.com
--
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Yahoo! Mail: votre e-mail personnel et gratuit qui vous suit partout ! Créez votre adresse à http://mail.yahoo.fr
No, unless you know the IP.
got it?
---
Once upon a time on Thu, 29 Jan 2004 21:13:20 +0100 (CET),
But with susefirewall i can't do that ?
--- Fulano
a écrit : > So you can use the squid to block the url of messenger.. I thing thats is something like
loginnet.passport.msn.com
You can set the squid, and look ate the logs.
good luck
Best regards.
--- Once upon a time on Thu, 29 Jan 2004 16:11:09 +0100 (CET),
wrote: ok, but i don't want to block the port 80 (http)
--- Fulano
a écrit : > there is no problem, because the messenger use the port 80 Regards.
--- Once upon a time on Thu, 29 Jan 2004 15:31:57 +0100 (CET),
wrote: Hi,
I would like to stop the connexion from hotmail messager with susefirewall2, how can i do it ?
-- Christian Reichel Desenvolvimento
--
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Yahoo! Mail: votre e-mail personnel et gratuit qui vous suit partout !
Créez votre adresse __ http://mail.yahoo.fr
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
---
-- Christian Reichel Desenvolvimento Aberium Systems Ltda. Centro Empresarial S_o Paulo Rua Maria Coelho Aguiar, 215 - Bloco G - Piso Jardim S_o Paulo - SP - Brasil Tel: 58532264 christian.reichel@aberium.com http://www.aberium.com
--
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Yahoo! Mail: votre e-mail personnel et gratuit qui vous suit partout !
Créez votre adresse __ http://mail.yahoo.fr
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
--- -- Christian Reichel Desenvolvimento Aberium Systems Ltda. Centro Empresarial S_o Paulo Rua Maria Coelho Aguiar, 215 - Bloco G - Piso Jardim S_o Paulo - SP - Brasil Tel: 58532264 christian.reichel@aberium.com http://www.aberium.com --
i can, i think so what i must do ?
--- Fulano
got it?
--- Once upon a time on Thu, 29 Jan 2004 21:13:20 +0100 (CET),
wrote: But with susefirewall i can't do that ?
--- Fulano
a écrit : > So you can use the squid to block the url of messenger.. I thing thats is something like
loginnet.passport.msn.com
You can set the squid, and look ate the logs.
good luck
Best regards.
--- Once upon a time on Thu, 29 Jan 2004 16:11:09 +0100 (CET),
wrote: ok, but i don't want to block the port 80 (http)
--- Fulano
a écrit : > there is no problem, because the messenger use the port 80 Regards.
--- Once upon a time on Thu, 29 Jan 2004 15:31:57 +0100 (CET),
wrote: Hi,
I would like to stop the connexion from hotmail messager with susefirewall2, how can i do it ?
-- Christian Reichel Desenvolvimento
--
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Yahoo! Mail: votre e-mail personnel et gratuit qui vous suit partout !
Créez votre adresse __ http://mail.yahoo.fr
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
---
-- Christian Reichel Desenvolvimento Aberium Systems Ltda. Centro Empresarial S_o Paulo Rua Maria Coelho Aguiar, 215 - Bloco G - Piso Jardim S_o Paulo - SP - Brasil Tel: 58532264 christian.reichel@aberium.com http://www.aberium.com
--
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Yahoo! Mail: votre e-mail personnel et gratuit qui vous suit partout !
Créez votre adresse __ http://mail.yahoo.fr
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
---
-- Christian Reichel Desenvolvimento Aberium Systems Ltda. Centro Empresarial S_o Paulo Rua Maria Coelho Aguiar, 215 - Bloco G - Piso Jardim S_o Paulo - SP - Brasil Tel: 58532264 christian.reichel@aberium.com http://www.aberium.com
--
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Yahoo! Mail: votre e-mail personnel et gratuit qui vous suit partout ! Créez votre adresse à http://mail.yahoo.fr
Hi, /etc/init.d/SuSEfi* stop ;-)) You could also do echo 1 > /proc/net/ipv4/ip_forward ;-))) But the best would be, you use SuSEfirewall to redirect any Internet traffic to an transparent Proxy. And then watch the proxy logs and ad some deny policies. Greetings Dirk Frédéric Poulet schrieb:
Hi,
I would like to stop the connexion from hotmail messager with susefirewall2, how can i do it ?
Yahoo! Mail: votre e-mail personnel et gratuit qui vous suit partout ! Créez votre adresse à http://mail.yahoo.fr
thanks i will do it !
--- Dirk Schreiner
/etc/init.d/SuSEfi* stop ;-))
You could also do echo 1 > /proc/net/ipv4/ip_forward
;-)))
But the best would be, you use SuSEfirewall to redirect any Internet traffic to an transparent Proxy.
And then watch the proxy logs and ad some deny policies.
Greetings Dirk
Frédéric Poulet schrieb:
Hi,
I would like to stop the connexion from hotmail messager with susefirewall2, how can i do it ?
Yahoo! Mail: votre e-mail personnel et gratuit qui vous suit partout ! Créez votre adresse à http://mail.yahoo.fr
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Yahoo! Mail: votre e-mail personnel et gratuit qui vous suit partout ! Créez votre adresse à http://mail.yahoo.fr
Frédéric Poulet wrote:
Sorry but it's doesn't work, when i write :
FW_MASQ_NETS="10.0.1.0/24,0/0,tcp,80" FW_SERVICES_TCP_EXT="80"
my client machines don't find site, problem of dns ?
Check the syslog. I bet you will find DROPs because you tried to reach the external IP from the internal network. It's a feature. You must use custom_rules to work around this. -- Have fun, Peter
participants (5)
-
Dirk Schreiner
-
Frédéric Poulet
-
Fulano
-
Peter Wiersig
-
Togan Muftuoglu